• Definition of a Hardware Trojan
• Debugging features as a basis of a Hardware Trojan
• An overview of the debugging features in modern Intel CPUs
• Activating debugging
• Detecting enabled debugging

Hardware Trojan

A Hardware Trojan is a malicious alteration of hardware that could, under specific conditions, result in functional changes of the system.
A Hardware Trojan can be inserted at the stage of production, shipment, storage, or use.

> Rajat Subhra Chakraborty, Seetharam Narasimhan, and Swarup Bhunia
  Hardware Trojan: Threats and Emerging Solutions, IEEE HLDVT 2009
> Xiaoxiao Wang and Mohammad Tehranipoor
  Detecting Malicious Inclusions in Secure Hardware: Challenges and Solutions, IEEE HOST 2008

Hardware Trojan (Example)

TOP SECRET//COMINT//REL TO USA, FVEY

GODSURGE
ANT Product Data
06/20/08

(TS//SI//REL) GODSURGE runs on the FLUXBABBITT hardware implant and provides software application persistence on Dell PowerEdge servers by exploiting the JTAG debugging interface of the server's processors.

(TS//SI//REL) FLUXBABBITT Hardware Implant for PowerEdge 2950
(TS//SI//REL) FLUXBABBITT Hardware Implant for PowerEdge 1950

Use the JTAG, Luke!

What Is JTAG?

Joint Test Action Group, IEEE 1149.1

https://en.wikipedia.org/wiki/JTAG
IEEE Standard 1149.1
https://standards.ieee.org/findstds/standard/1149.1-2013.html
Blackbox JTAG Reverse Engineering [26C3]
https://www.youtube.com/watch?v=Up0697E.

[Figure: a JTAG chain of Device 1, Device 2 and Device 3 (3.3 V) daisy-chained to a TAP connector; source: https://www.xjtag.com]

Uses of JTAG

• Forensics (dump Flash, rootkit detection)
• Research (Cache as RAM, Secure Boot, Boot Guard, SMM)
• Low-level debugging (UEFI DXE/PEI, drivers, hypervisor)
• Performance analysis

JTAG in Intel CPUs

• JTAG 101: IEEE 1149.x and Software Debug
  http://www.intel.com/content/dam/www/public/us/en/documents/white-papers/jtag-101-ieee-1149x-paper.pdf
• Debug Port Design Guide for UP/DP Systems
  http://download.intel.com/support/processors/pentium4/sb/31337301.pdf

[Figure: CPU package diagram labelled "Internal Core"; source: https://upload.wikimedia.org]

Connection Types

Intel In-Target Probe eXtended Debug Port (ITP-XDP)

Intel Direct Connect Interface (DCI): a transport technology designed to enable closed-chassis debug through any of the USB3 ports exposed by Intel silicon.

There are two types of DCI hosting interfaces in the platform:

✓ USB3 Hosting DCI (USB debug cable)
✓ BSSB Hosting DCI (Intel SVT Closed Chassis Adapter)

[Figure: Intel® System Debugger attached to the target either over a USB cable (debug & trace from OS boot) or over the Intel® SVT Closed Chassis Adapter (debug & trace from CPU reset); available starting with the 6th generation Intel® Core™ processor family]

Intel ITP-XDP

✓ Direct connection to the CPU debugging interface
✓ Price $3,000
✓ Special board socket is required
✓ Supported by Intel System Studio trial version
✓ Protocol covered by NDA

https://designintools.intel.com

Intel® Direct Connect Interface (DCI)

[Figure: debug host connected to a closed-chassis target]

Hardware required: Intel® SVT Closed Chassis Adapter
- BSSB Hosting DCI: for lower power (Sx-state) and S0-state DFx access
- USB3 Hosting DCI: for S0-state DFx access and high performance operations

Software required: Intel® System Trace Tool (component of Intel® System Studio)

Intel® 100 Series and Intel® C230 Series Chipset Family Platform Controller Hub (PCH)

Works with U series out-of-box chipsets only

BSSB Hosting DCI

Intel® Silicon View Technology Closed Chassis Adapter (also known as SVTCCA or BSSB) provides access to DFx features, like JTAG and run control, through USB3 ports on Intel® Direct Connect Interface (DCI) enabled silicon and platforms.

✓ Supported by Intel System Studio trial version
✓ Price $390
✓ Private protocol using physical USB links

https://designintools.intel.com

USB3 Hosting DCI

✓ No extra hardware required (standard USB 3.0 cable)
✓ OTG device, the "magic" port needs to be found
✓ Deep Sleep mode not supported
✓ Supported by Intel System Studio trial version
✓ Runs through the device integrated into the target platform
✓ Standard USB protocol used

USB3 Hosting DCI Device

(USB device descriptor dump of the DCI device, as enumerated on the debug host)

*!*ERROR: device SubClass should be USB Common Sub Class 2
          when IAD descriptor is used
bDeviceProtocol:   0x00
*!*ERROR: device Protocol should be USB IAD Protocol 1
          when IAD descriptor is used
bMaxPacketSize0:   0x09 = (9) Bytes
idVendor:          0x8087 = Intel
idProduct:         0x0A6E
bcdDevice:         0x0000
iManufacturer:     0x01

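The descriptor dump above is what a DCI-enabled target looks like from the USB host it is cabled to: vendor 0x8087 (Intel) with product 0x0A6E. The following script is an added example, not code from the talk or from Intel, that looks for exactly that pair, either in the Linux sysfs USB tree of the host or in pasted `lsusb` output, so an administrator can confirm that a Skylake machine does not enumerate as a DCI device. The sysfs paths and the `lsusb` line format are standard Linux interfaces; the sample listing embedded below is constructed, not captured from a real host.

```python
"""Find the Intel DCI debug device (8087:0A6E) among enumerated USB devices."""
import glob
import os
import re

DCI_VID = 0x8087  # Intel vendor ID, from the descriptor dump on the slide
DCI_PID = 0x0A6E  # product ID of the USB3 Hosting DCI device, from the same dump

# `lsusb` prints one device per line, e.g. "Bus 001 Device 004: ID 8087:0a6e Intel Corp."
LSUSB_LINE = re.compile(r"^Bus (\d+) Device (\d+): ID ([0-9a-fA-F]{4}):([0-9a-fA-F]{4})")


def is_dci_device(vid, pid):
    """True when a vendor/product pair matches the DCI debug device."""
    return vid == DCI_VID and pid == DCI_PID


def parse_lsusb(text):
    """Turn lsusb output into (label, vid, pid) tuples; lines that do not parse are skipped."""
    devices = []
    for line in text.splitlines():
        m = LSUSB_LINE.match(line.strip())
        if not m:
            continue
        bus, dev, vid, pid = m.groups()
        devices.append((f"bus {bus} device {dev}", int(vid, 16), int(pid, 16)))
    return devices


def enumerate_sysfs_usb(root="/sys/bus/usb/devices"):
    """Read idVendor/idProduct from every USB device node under sysfs (Linux only)."""
    devices = []
    for node in sorted(glob.glob(os.path.join(root, "*"))):
        try:
            with open(os.path.join(node, "idVendor")) as f:
                vid = int(f.read().strip(), 16)
            with open(os.path.join(node, "idProduct")) as f:
                pid = int(f.read().strip(), 16)
        except (OSError, ValueError):
            continue  # interface nodes carry no device descriptor
        devices.append((os.path.basename(node), vid, pid))
    return devices


def find_dci_devices(devices):
    """Return the labels of all devices whose VID/PID matches the DCI device."""
    return [label for label, vid, pid in devices if is_dci_device(vid, pid)]


# Constructed sample listing: a USB receiver, the DCI device, and another Intel
# device that shares the 8087 vendor ID (the product ID is what distinguishes them).
SAMPLE_LSUSB = """\
Bus 001 Device 002: ID 046d:c52b Logitech, Inc. Unifying Receiver
Bus 002 Device 004: ID 8087:0a6e Intel Corp.
Bus 001 Device 003: ID 8087:0a2b Intel Corp.
"""

if __name__ == "__main__":
    hits = find_dci_devices(parse_lsusb(SAMPLE_LSUSB))
    print("DCI device in sample listing:", hits or "none")
    if os.path.isdir("/sys/bus/usb/devices"):
        live = find_dci_devices(enumerate_sysfs_usb())
        print("DCI device on this host:", live or "none")
```

Matching on the full VID/PID pair matters: plenty of unrelated Intel devices (Bluetooth controllers, for instance) carry vendor 0x8087, so a vendor-only check would be noisy.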
What Is a Simple USB Cable Able to Do...

[Screenshot: debugger configuration console ("Configuration Console", "Kill Masterframe") beside an Administrator command prompt running ...\Intel\NDAL>PythonConsole.cmd]

How to Activate DCI?

• UEFI Human Interface Infrastructure (UEFI HII)
• PCH Strap (Intel Flash Image Tool)
• P2SB device

Activation via UEFI HII

• UEFI Human Interface Infrastructure
  http://www.uefi.org/sites/default/files/resources/UEFI%20Spec%202_5_Errata_A.PDF
• AMI BIOS Configuration Program 5.0
  https://ami.com/products/bios-uefi-tools-and-utilities/bios-uefi-utilities/
• It is possible to reprogram the BIOS with a programmer or through the SPI controller (if privileges allow), but the target platform could shut down with an error if Boot Guard is running.

Activation via UEFI HII

[Screenshot: AMI BIOS Configuration Program, PCH-IO Configuration, listing the setup questions below]

Question ID | Setup question | Default | Value
(0A2F) | DCI enable (HDCIEN) | Enabled | Enabled
(0A35) | USB/UART | UART | UART
(0A39) | Debug Port Selection | Legacy UART | Legacy UART
(0A3D) | GNSS | Disabled | Disabled
(0A41) | GNSS Device Model | CG2000 | CG2000
(0A87) | Onboard LAN | Enabled | Enabled
(0A89) | LAN PHY Drives LAN_WAKE# | Disabled | Disabled
(0A45) | Sensor Hub Type | None | None
(0A91) | DeepSx Power Policies | Disabled | Disabled
(0A93) | LAN Wake From DeepSx | Enabled | Enabled
(0A8B) | Wake on LAN | Enabled | Enabled
(0A8F) | SLP_LAN# Low on DC Power | Enabled | Enabled
(0A8D) | Koff | Enabled | Enabled
(ID illegible) | Wake on WLAN Enable | Disabled | Disabled

Control Help String for "DCI enable (HDCIEN)":
When DCI is Enabled, it is taken as user consent to enable the DCI which allows debug over the USB3 interface. When Disabled, the host control is not enabling DCI feature.

Activation via PCH Strap

• Intel® Flash Image Tool
  http://www.win-raid.com/t596f39-Intel-Management-Engine-Drivers-Firmware-amp-System-Tools.html
• Manually (Flash Descriptor, PCH Strap): reprogram the BIOS with a programmer or through the SPI controller (if privileges allow)

[Screenshot: Flash Image Tool, "Direct Connect Interface Configuration" section]

Parameter | Value | Help Text
Direct Connect Interface (DCI) ... | No (selectable: Yes) | This setting enables / disables the DCI interface used for Intel(R) Trace Hub debugging.

Manually via P2SB Device

(Excerpt from the PCH datasheet)

34.3.1 Overview

The PCH incorporates a wide variety of devices and functions. The registers within these devices are mainly accessed through the primary interface, such as PCI configuration space and IO/MMIO space. Some devices also have registers that are distributed within the PCH Private Configuration Space at individual endpoints (Target Port IDs) which are only accessible through the PCH Sideband Interface.

These PCH Private Configuration Space Registers can be addressed via SBREG_BAR or through Index/Data pair programming.

39.1 Table 39-1. Private Configuration Space Register Target Port IDs (Sheet 1 of 2)

PCH Device/Function Type
HSIO Strap Configuration
General Purpose I/O (GPIO) Community 3
General Purpose I/O (GPIO) Community 2
General Purpose I/O (GPIO) Community 1
General Purpose I/O (GPIO) Community 0
(Port ID values are not legible in the excerpt)

DCI Control Register (ECTRL), Offset 4h

Access Method
Type: MSG Register (Size: 32 bits)
Default: 0h

Bit | Field Name (ID): Description
31:5 | Reserved.
4 | Host DCI Enable (HDCIEN): 0 = Disable DCI, 1 = Enable DCI. This bit resides in the RTC well and is only reset by RTCRST#. This bit is cleared by writing a 0 to it; writing a 1 has no effect.
3:0 | Reserved.


mgoryachy@ptsecurity.com 
mermolov@ptsecurity.com 


How to Fight Back?

• Boot Guard
• Direct Connect Interface Enable bit check
• MSR IA32_DEBUG_INTERFACE

IA32_DEBUG_INTERFACE

MSR 3200: IA32_DEBUG_INTERFACE, Silicon Debug Feature Control (R/W), if CPUID.01H:ECX[11] = 1

Field | Description | Condition
Enable (R/W) | BIOS set 1 to enable Silicon debug features. Default is 0. | If CPUID.01H:ECX[11] = 1
Lock (R/W) | If 1, locks any further change to the MSR. The lock bit is set automatically on the first SMI assertion even if not explicitly set by BIOS. Default is 0. | If CPUID.01H:ECX[11] = 1
Debug Occurred (R/O) | This "sticky bit" is set by hardware to indicate the status of bit 0. Default is 0. | If CPUID.01H:ECX[11] = 1

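The two checks named under "How to Fight Back?" both come down to reading one bit out of a register: HDCIEN in the PCH's ECTRL register (the datasheet excerpt above) and the Enable/Lock/Debug Occurred fields of IA32_DEBUG_INTERFACE (this slide). The script below is an added example, not code from the talk or from Intel, that decodes both and turns them into a pass/fail verdict. The MSR address 0xC80 is the 3200 (decimal) shown on the slide; the MSR bit positions (Enable = bit 0, Lock = bit 30, Debug Occurred = bit 31) are taken from the Intel SDM description of that MSR and are not printed on the slide; the ECTRL layout (bits 31:5 and 3:0 reserved, hence HDCIEN = bit 4) follows from the datasheet excerpt. Reading the MSR uses the standard Linux msr driver (/dev/cpu/N/msr, which needs root and `modprobe msr`); the ECTRL value is left for the caller to supply, because the sideband port ID of the DCI endpoint is not given on the slides.

```python
"""Decode IA32_DEBUG_INTERFACE and ECTRL.HDCIEN and judge whether silicon debug is off."""
import struct

IA32_DEBUG_INTERFACE = 0xC80  # MSR address 3200 decimal, as listed on the slide
DBG_ENABLE_BIT = 0            # Enable (R/W)                  - bit position per Intel SDM
DBG_LOCK_BIT = 30             # Lock (R/W)                    - bit position per Intel SDM
DBG_OCCURRED_BIT = 31         # Debug Occurred (R/O, sticky)  - bit position per Intel SDM
HDCIEN_BIT = 4                # Host DCI Enable in ECTRL: bits 31:5 and 3:0 are reserved


def decode_ia32_debug_interface(value):
    """Split a raw 64-bit IA32_DEBUG_INTERFACE value into its three defined fields."""
    return {
        "enable": bool((value >> DBG_ENABLE_BIT) & 1),
        "lock": bool((value >> DBG_LOCK_BIT) & 1),
        "debug_occurred": bool((value >> DBG_OCCURRED_BIT) & 1),
    }


def decode_ectrl(value):
    """Extract HDCIEN from a raw 32-bit ECTRL value read through the sideband interface."""
    return {"hdcien": bool((value >> HDCIEN_BIT) & 1)}


def assess(msr_value, ectrl_value=None):
    """Return (ok, findings). ok is True only when silicon debug is disabled and locked
    and, if an ECTRL value is supplied, DCI is disabled in the PCH as well."""
    findings = []
    msr = decode_ia32_debug_interface(msr_value)
    if msr["enable"]:
        findings.append("IA32_DEBUG_INTERFACE.Enable=1: silicon debug features are on")
    if not msr["lock"]:
        findings.append("IA32_DEBUG_INTERFACE.Lock=0: the MSR can still be changed")
    if msr["debug_occurred"]:
        findings.append("IA32_DEBUG_INTERFACE.DebugOccurred=1: Enable has been set (sticky)")
    if ectrl_value is not None and decode_ectrl(ectrl_value)["hdcien"]:
        findings.append("ECTRL.HDCIEN=1: DCI over USB3 is enabled in the PCH")
    return (not findings, findings)


def cpu_has_sdbg(cpuinfo_path="/proc/cpuinfo"):
    """CPUID.01H:ECX[11] is exported by Linux as the 'sdbg' flag; False if unreadable."""
    try:
        with open(cpuinfo_path) as f:
            for line in f:
                if line.startswith("flags"):
                    return "sdbg" in line.split()
    except OSError:
        pass
    return False


def read_msr(msr, cpu=0):
    """Read one MSR through /dev/cpu/<cpu>/msr; the file offset selects the MSR number."""
    with open(f"/dev/cpu/{cpu}/msr", "rb", buffering=0) as f:
        f.seek(msr)
        return struct.unpack("<Q", f.read(8))[0]


if __name__ == "__main__":
    if not cpu_has_sdbg():
        print("CPUID.01H:ECX[11] not set: IA32_DEBUG_INTERFACE is not implemented on this CPU")
    else:
        try:
            ok, findings = assess(read_msr(IA32_DEBUG_INTERFACE))
            print("OK: silicon debug disabled and locked" if ok else "\n".join(findings))
        except OSError as e:
            print(f"cannot read the MSR (root and the msr module are required): {e}")
```

An unlocked MSR at OS runtime is reported as a finding on purpose: the slide states that the lock is set automatically on the first SMI, so a system that reaches the OS with Lock = 0 has not gone through the expected firmware path.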


Summary

• Modern CPU (Skylake+) design allows using a JTAG-like interface through USB, which gives total control over the system;
• Being a low-cost and non-NDA technology, JTAG provides new opportunities for researchers;
• A big motherboard vendor (which we are not disclosing);
• Ensure that your Skylake laptop has DCI disabled.

Thank you!
Questions?

github.com/ptresearch